What’s Pretexting? Don’t Let the Scammers Win!

What Is Pretexting?

Pretexting is when scammers gain access to sensitive data and personal accounts under false pretexts. They often contact their victims via phone calls, emails, and texts and work to gain their trust in order to get them to hand over private information.

Pretexting Is Social Engineering

Social engineering is the act of deceiving or manipulating people into giving up confidential information. Thus, pretexting is a form of social engineering employed by scammers to obtain personal information for fraudulent reasons, such as to commit identity theft.

Pretexting in Cyber Security

Pretexting is a big concern in the cyber security industry because scammers often favor digital means of communication, such as email, to lure their victims in.

A common technique online scammers use to pretext is to send phishing emails, which we’ll go into a bit more detail about further down the page.

4 Examples of Pretexting

1. By Phone Call

In a voice call pretexting attack, the scammers call you up and pretend to represent some sort of legitimate company that needs some of your information under some false pretext.

For example, they might pretend to be a survey company and ask you for seemingly harmless details, such as the name of your children or pets.

Why would scammers want access to this type of information, you ask?

Well, they can use it to try to hack into your accounts or because they know many people use names of people or animals close to them as passwords. Or, they might try to call your financial institution and pretend to be you to gain access to your bank accounts.

Pretexters can also sell whatever information they get from you to identity thieves, or perpetrate identity theft themselves. This type of voice call pretexting attack is also known as vishing.

2. By Text

Text pretexting attacks work the same way as phone pretexting attacks, but the scammers send you text messages to try and get private information out of you under false pretexts.

For example, they might send you a text claiming to be from your bank and ask you for your credit card or bank account number.

3. By Identity Theft: The Boardroom Scandal at Hewlett-Packard

There was a case in 2006 that brought pretexting into the spotlight. HP’s high-up management wanted to check if board members had been leaking confidential information to the press, so they hired a private investigator to get their phone records.

The private investigator used identity theft pretexting techniques to obtain board members’ personal data, such as social security numbers. He then used this information to impersonate them when talking to their phone companies in order to get access to their phone records.

This is just one well-known example of the type of identity theft pretexting attacks that happen every day.t

4. Pretexting Phishing Attacks

As we mentioned a little earlier, a common way pretext attacks work online is through phishing emails. This is when the scammers send emails that appear to be from legitimate companies you use and try to trick you into giving up account information or other sensitive data.

For instance, they might send you an email that looks like it’s from Amazon and claim that there is some type of problem with your account. They’ll ask that you provide your username and password to troubleshoot the problem, which they will then use to enter your account and steal other information, like your credit card info that’s stored there.

How To Protect Yourself From Pretexting

1. Don’t Give Out Personal Information Unless You Are 100% Sure It Is Safe

No matter what their pretexts are, you should never give out private information over the phone or via text or email if someone contacts you out of the blue. It’s okay to do so if you call your bank or another company you use services from, but never trust anyone who contacts you in an unsolicited manner.

2. Use as Unique Password as Possible, Your Child’s Name Isn’t Strong Enough

Remember when we said that pretext attackers often phish for information like your children’s or pet’s names to try and impersonate you or hack into your accounts?

Well, this is why you should always use complex, non-personal login passwords — this goes for verbal keywords for things like bank accounts, too. Add numbers and special characters to random words to ensure secure passwords.

3. Always Contact Your Bank Directly if You Think There Is an Issue

If anyone ever contacts you claiming to be from your bank, politely decline any requests for information they have. Then, call your bank directly and ask if there is some kind of real issue they are contacting you about. To be even more safe, you can always go to your bank in person and deal with any issues that way.

4. Be Aware and Keep Your Wits About You

The number one way to avoid pretexting attacks and other scams is to always be wary and err on the side of caution. It’s far better to be paranoid and overly careful than to let your guard down and get your identity stolen or wake up to find out your bank account has been drained.